I have recently put some of my sites behind Cloudflare and now the MainWP Child plugin can’t be detected because Cloudflare thinks it’s an attack. I have gone into the Cloudflare settings and allowed the dashboard ip address, but it didn’t help! Anyone have any suggestions?
Do you have bot fight mode enabled, because that can cause issues. Did you configure any WAF rules, and if so were they Troy’s rules?
The 2 biggest items that will cause issues for this are Bot Fight mode and you need to whitelist your dashboard IP.
Hey @MDPro
Welcome to the MainWP community.
As @7thcircle correctly points out, WAF rules on the Child sites can interfere with the connection from the MainWP Dashboard.
And the Bot Fight mode can also interfere.
We have additional information about Cloudflare in our help document: Troubleshoot connection problems - MainWP Documentation
From my understanding about MainWP and an important knowledge about Cloudflare, assuming all your sites are in the same Cloudflare zone, as long as the IP address is added as a bypass (in Security > WAF > Tool), it should work. But also, you should add the User-agent of your MainWP server (it contains “MainWP”) in a bypass rule (in Security > WAF > Custom rules) by selecting “ignore” for all security app (including Bot Fight mode).
There are no bypasses for Bot Fight Mode. If you are on a paid plan, you can bypass Super Bot Fight Mode.
Adding MainWP to a bypass rule may or may not work, depending on the bypass rule and if it skips everything else. If you allow other rules to run, adding it to the bypass may not help.
You’re absolutely right, I was referring to the Cloudflare Pro subscription. And regarding the rules, the following need to be bypassed for it to work.
Personally, I would never take the risk of putting websites behind a very limited free Cloudflare plan.
The free Cloudflare plan can be great if configured correctly. No reason most users (I stress most, not all) need a paid plan.
Free plan are limited to 5 custom rules. Instead of a Pro plan for professionals, this prevents the creation of properly organized rules to facilitate the management and granularity of analyses in the firewall. The lack of rules constrain to mix too much kind of criterias with AND and OR operator to obtain a reasonably effective level of security.
Not to mention the limitations of optimization.
Today, and already since a long time ago for bots, and increasingly now with AI and suspicious bots farms, you cannot fully secure a website with a free plan without loosing your hair in the process.
The limitations are also very very important in the requests analysis, because of the missing filter panel and a limited date filter (only 24-hour blocks).
I only offer the free Cloudflare plan to customers who don’t want to pay (only 2 of my customers have it). Of course, I don’t handle technical support for their accounts; if I do, they have to pay for that support. This is the game.
Hello @MDPro
Were you able to solve the problem?